WordPress Plugin Vulnerabilities

Comment Reply Notification <= 1.4 - Cross-Site Request Forgery

Description

The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
comment-reply-notification
No known fix

References

CVE
CVE-2023-25051
URL
https://patchstack.com/database/vulnerability/comment-reply-notification/wordpress-comment-reply-notification-plugin-1-4-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
95595766-d535-43cc-9655-6b7d3018c5e1

Timeline

Publicly Published
2023-04-04 (about 3 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2026-01-15
Title
LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update
Published
2025-03-23
Title
Rentals <= 3.13.1 - Cross-Site Request Forgery
Published
2021-02-17
Title
Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2023-03-16
Title
WP Shortcode by MyThemeShop < 1.4.17 - CSRF
Published
2024-08-27
Title
Posts reminder <= 0.20 - Settings Update via CSRF